Privacy Policy

Last Updated: November 2025

Introduction

Spirited Health Institute (“Company,” “we,” “us,” or “our”) respects your privacy and is committed to protecting it through this Privacy Policy.

This Privacy Policy governs your access to and use of www.spiritedhealth.org including any content, functionality and services offered on or through www.spiritedhealth.org (the “Website”), whether as a guest or a registered user.

When accessing the Website, the Company will learn certain information about you, both automatically and through voluntary actions you may take, during your visit. This policy applies to information we collect on the Website and in email, text, or other electronic messages between you and the Website.

Please read the Privacy Policy carefully before you start to use the Website. By using the Website or by clicking to accept or agree to the Terms of Use when this option is made available to you, you accept and agree to be bound and abide by the Privacy Policy. If you do not want to agree to the Privacy Policy, you must not access or use the Website.

1. Data Controller and Contact Information

Data Controller:
Spirited Health Institute
9847 Oakhill Dr SW
Calgary, AB, T2V 3X1
Canada
Email: hello@spiritedhealth.org

Data Protection Officer:
For data protection inquiries, please contact us at hello@spiritedhealth.org with the subject line “ATTN: Data Protection Officer” or “GDPR Request”

EU Representative (Article 27 GDPR):
[To be designated if required based on processing activities]

2. Age Requirements and Children’s Privacy

2.1 General Users (Outside EU/EEA)

Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or through any of its features, register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use.

2.2 EU/EEA Users

For users in the European Union or European Economic Area, our Website is not intended for children under 16 years of age without verifiable parental or guardian consent. We comply with stricter age requirements under GDPR and applicable member state laws.

2.3 Parental Rights

If we learn we have collected or received personal information from a child under the applicable age threshold without verification of parental consent, we will delete that information immediately. Parents or guardians who believe we might have any information from or about a child under the applicable age may contact us at hello@spiritedhealth.org, and we will promptly investigate and delete such information.

3. Information We Collect About You

3.1 Information You Provide To Us

We collect information that you voluntarily provide when you:

  • Fill out forms on the Website
  • Create an account or register for services
  • Purchase products or services
  • Subscribe to our newsletter or communications
  • Download resources, books, or materials
  • Register for webinars, events, or training programs
  • Communicate with us via contact forms or email
  • Respond to surveys or provide feedback
  • Participate in interactive features or comment sections
  • Use search features on our Website

Types of personal information we may collect include:

  • Name and contact information (email address, phone number, mailing address)
  • Account credentials (username, password)
  • Billing and payment information (credit card details, billing address)
  • Demographic information (age range, location, preferences)
  • Health and wellness interests and goals
  • Communications and correspondence with us
  • Any other information you choose to provide

3.2 Information We Collect Automatically

As you navigate through our Website, we automatically collect certain information about your equipment, browsing actions, and patterns through:

Cookies and Similar Technologies:

  • Session cookies (temporary, deleted when you close your browser)
  • Persistent cookies (remain until expiration or deletion)
  • Analytics cookies (Google Analytics and similar services)
  • Functionality cookies (remember your preferences)
  • Advertising/targeting cookies (from us and third parties)

Automatic Data Collection includes:

  • IP address and geolocation data
  • Browser type and version
  • Operating system and device type
  • Referring/exit pages and URLs
  • Date and time stamps of visits
  • Pages viewed and time spent on pages
  • Clickstream data and navigation patterns
  • Internet connection information

Legal Basis for Automatic Collection:

  • EU/EEA users: We rely on your consent (for non-essential cookies) or legitimate interests (for essential functionality)
  • Your consent can be managed through our cookie consent tool

3.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Social media platforms (if you connect your account)
  • Payment processors and financial institutions
  • Marketing and analytics partners
  • Public databases and data enrichment services
  • Third-party service providers who assist us in operating our Website

4. Legal Basis for Processing (EU/EEA Users)

Under GDPR, we process your personal data based on the following legal grounds:

4.1 Consent

  • Marketing communications and newsletters
  • Non-essential cookies and tracking technologies
  • Optional data collection activities

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4.2 Contract Performance

  • Processing orders and delivering products/services
  • Managing your account
  • Providing customer support
  • Processing payments

4.3 Legal Obligations

  • Tax and accounting requirements
  • Responding to legal requests
  • Compliance with applicable laws

4.4 Legitimate Interests

  • Website security and fraud prevention
  • Improving our services and user experience
  • Internal business operations and analytics
  • Direct marketing to existing customers (where permitted)

We balance our legitimate interests against your rights and freedoms and only process data where the benefits are not overridden by your fundamental rights.

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 Service Delivery

  • Presenting our Website and its contents to you
  • Providing products, services, and resources you request
  • Processing and fulfilling orders and transactions
  • Managing your account and subscriptions
  • Delivering digital products and content
  • Providing customer service and support

5.2 Communication

  • Sending transactional emails (order confirmations, receipts, updates)
  • Responding to your inquiries and requests
  • Providing technical notices and security alerts
  • Sending newsletters and marketing communications (with your consent)

5.3 Marketing and Personalization (With Appropriate Legal Basis)

  • Outside EU: If you register for resources, webinars, events, or purchase products, we will automatically enroll you in our email newsletter. You can unsubscribe anytime using the link in every email.
  • EU/EEA Users: We will only enroll you in our newsletter if you affirmatively consent. You can withdraw consent anytime.
  • Displaying personalized content and recommendations
  • Tailoring advertisements to your interests
  • Offering promotions and special offers
  • Conducting market research and surveys

5.4 Business Operations

  • Administering our business activities
  • Analyzing Website usage and improving our services
  • Detecting and preventing fraud and security threats
  • Enforcing our Terms of Use and other agreements
  • Complying with legal obligations

5.5 Third-Party Offers

From time to time, we may use your information to make you offers to purchase products and services provided by third parties in exchange for a commission. Should you opt to participate in such promotions, those third parties will receive your information. We will clearly disclose this before you engage with such offers.

6. Cookies and Tracking Technologies

6.1 What Are Cookies?

A cookie is a small text file that a website stores on your computer or mobile device when you visit the site. Cookies enable websites to remember your actions and preferences over time.

6.2 Types of Cookies We Use

Essential Cookies (Strictly Necessary): These cookies are necessary for the Website to function and cannot be switched off. They are usually set in response to actions you take, such as setting privacy preferences, logging in, or filling in forms.

Analytics and Performance Cookies: These cookies help us understand how visitors interact with our Website by collecting and reporting information anonymously. We use Google Analytics and similar services.

Functionality Cookies: These cookies enable enhanced functionality and personalization, such as remembering your preferences and settings.

Advertising/Targeting Cookies: These cookies may be set through our site by us or our advertising partners. They may be used to build a profile of your interests and show you relevant advertisements on other sites.

6.3 Third-Party Cookies and Pixels

Some content or applications on the Website are served by third parties, including:

  • Advertisers and ad networks
  • Analytics providers (Google Analytics)
  • Social media platforms (Facebook Pixel, LinkedIn Insight Tag, etc.)
  • Content delivery networks
  • Payment processors

These third parties may use cookies, web beacons, or other tracking technologies to collect information about you when you use our Website. The information they collect may be associated with your personal information or they may collect information about your online activities over time and across different websites.

Important: We do not control these third parties’ tracking technologies or how they may be used. If you have questions about targeted advertising or content, contact the responsible provider directly.

6.4 Managing Cookies (Your Choices)

Cookie Consent Tool: When you first visit our Website, we present you with a cookie consent banner. You can accept or reject non-essential cookies. You can change your preferences at any time by accessing our cookie settings tool.

Browser Settings: Most web browsers allow you to control cookies through their settings. However, if you disable cookies, some features of our Website may not function properly.

Opt-Out Tools:

  • Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
  • Network Advertising Initiative: http://www.networkadvertising.org/choices/
  • Digital Advertising Alliance: http://www.aboutads.info/choices/
  • European Interactive Digital Advertising Alliance: http://www.youronlinechoices.eu/

EU/EEA Users: You have the right to withdraw cookie consent at any time through our cookie management tool.

7. Disclosure and Sharing of Your Information

7.1 When We Share Your Information

As a general rule, we do not sell, rent, or lease your personal information to third parties. However, we may disclose your information in the following circumstances:

Service Providers and Processors: We share information with third-party service providers who perform services on our behalf, including:

  • Web hosting and cloud storage providers
  • Email marketing platforms
  • Payment processors
  • Analytics providers
  • Customer relationship management (CRM) systems
  • Customer support platforms

These service providers are bound by contractual obligations to keep your information confidential and use it only for the purposes for which we disclose it to them.

Business Transfers: We may provide your information to any successor in interest in the event of a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets and/or business.

Legal Requirements: We may disclose information when legally compelled to do so or when we, in good faith, believe that disclosure is necessary to:

  • Comply with law, regulation, or legal process
  • Enforce our Terms of Use or other agreements
  • Protect our legal rights or property
  • Protect the safety and security of our users or the public
  • Respond to requests from courts, law enforcement, or government authorities

With Your Consent: We may share your information with third parties when you explicitly consent to such sharing.

Affiliates and Subsidiaries: We may share your information with our subsidiaries and affiliates for purposes consistent with this Privacy Policy.

Third-Party Promotional Partners: If you opt into promotional offers from third parties, we will share your information with those partners. This will be clearly disclosed before you provide consent.

7.2 International Data Transfers

Important for EU/EEA Users:

Your personal information may be transferred to and processed in Canada or other countries outside the European Union and European Economic Area. These countries may have data protection laws that differ from those in your country of residence.

When we transfer your data internationally, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Binding corporate rules for transfers within our corporate group
  • Other appropriate safeguards recognized under GDPR

You have the right to request information about the safeguards we use for international transfers and to obtain a copy of such safeguards by contacting us.

8. Data Retention

8.1 General Retention Principles

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected or as required by law.

8.2 Specific Retention Periods

Account Information: Retained while your account is active and for a reasonable period thereafter (typically 2-3 years after account closure) for business purposes and legal compliance.

Transaction Records: Retained for at least 7 years to comply with tax, accounting, and financial regulations.

Marketing Communications: Retained until you unsubscribe or withdraw consent, plus a reasonable period (typically 1 year) to prevent re-subscription.

Analytics Data: Anonymized or pseudonymized after 26 months (aligned with Google Analytics retention).

Website Logs: Typically retained for 12-24 months for security and troubleshooting purposes.

Legal Hold: Information may be retained longer if required for legal proceedings, investigations, or regulatory compliance.

8.3 Your Right to Deletion

EU/EEA users have the right to request deletion of their personal data. We will honor such requests unless we have a legal obligation or legitimate reason to retain the information. See Section 10 for more details on your rights.

9. How We Protect Your Information

9.1 Security Measures

We employ commercially reasonable administrative, technical, and physical security measures to protect your personal information, including:

Technical Safeguards:

  • Encryption of data in transit (SSL/TLS)
  • Encryption of sensitive data at rest
  • Secure data storage and backup systems
  • Firewalls and intrusion detection systems
  • Regular security assessments and vulnerability testing

Administrative Safeguards:

  • Access controls and authentication requirements
  • Employee training on data protection
  • Confidentiality agreements with employees and contractors
  • Incident response and breach notification procedures
  • Working only with reputable third-party vendors

Physical Safeguards:

  • Secure facilities with restricted access
  • Environmental controls for data centers

9.2 Payment Security

Credit card information and payment details are processed through secure, PCI-DSS compliant payment processors. We do not store complete credit card numbers on our servers. Payment information is never transmitted via email.

9.3 Email Security

Email is not recognized as a secure medium of communication. For this reason, we request that you do not send sensitive personal information to us by email. However, if you choose to do so, it is at your own risk. Some information you enter on our Website may be transmitted securely via SSL.

9.4 Your Responsibility

You are responsible for maintaining the confidentiality of your account credentials and for any activities under your account. Please notify us immediately if you become aware of any unauthorized use of your account.

9.5 Data Breach Notification

EU/EEA Users: In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

All Users: We will notify affected users of any security breach in accordance with applicable laws and will provide information about steps you can take to protect yourself.

10. Your Privacy Rights

10.1 Rights for All Users

Opt-Out of Marketing Communications: You may unsubscribe from our marketing emails at any time by clicking the “unsubscribe” link at the bottom of every email or by contacting us at hello@spiritedhealth.org.

Do Not Track Signals: Some browsers have a “Do Not Track” feature. Our Website does not currently respond to Do Not Track signals. However, you can control cookies through your browser settings and our cookie consent tool.

10.2 EU/EEA Users – Your GDPR Rights

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

1. Right of Access (Article 15) You have the right to request confirmation of whether we process your personal data and to obtain a copy of your personal data.

2. Right to Rectification (Article 16) You have the right to request correction of inaccurate or incomplete personal data.

3. Right to Erasure / “Right to be Forgotten” (Article 17) You have the right to request deletion of your personal data under certain conditions, including:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent (where processing is based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

4. Right to Restriction of Processing (Article 18) You have the right to request restriction of processing under certain conditions, such as when you contest the accuracy of the data or object to processing.

5. Right to Data Portability (Article 20) You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

6. Right to Object (Article 21) You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

7. Right to Withdraw Consent (Article 7(3)) Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

8. Right Not to be Subject to Automated Decision-Making (Article 22) You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects. We do not currently engage in automated decision-making that produces such effects.

9. Right to Lodge a Complaint You have the right to lodge a complaint with a supervisory authority in your EU member state if you believe we have violated your data protection rights.

List of EU Data Protection Authorities:
https://edpb.europa.eu/about-edpb/board/members_en

10.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

  • Email: hello@spiritedhealth.org (use subject line “GDPR Request” or “Privacy Rights Request”)
  • Mail: Spirited Health Institute, 9847 Oakhill Dr SW, Calgary, AB, T2V 3X1, Canada

Verification: To protect your privacy and security, we may need to verify your identity before fulfilling your request. This may require providing additional information.

Response Time: We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months, and we will inform you of the extension.

No Fee: We will not charge a fee for exercising your rights unless your request is clearly unfounded, repetitive, or excessive.

10.4 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (Note: We do not sell personal information)
  • Right to non-discrimination for exercising your rights

To exercise your California privacy rights, contact us using the information in Section 10.3.

11. Email Communications and CAN-SPAM Compliance

11.1 Email Policies

We are committed to keeping your email address confidential. We do not sell, rent, or lease our email lists to third parties, except as disclosed in Section 7 of this Privacy Policy.

11.2 CAN-SPAM Compliance

All emails sent from our organization comply with the CAN-SPAM Act:

  • Clearly identify the sender
  • Provide accurate header information
  • Include our physical mailing address
  • Provide a clear and conspicuous way to opt-out
  • Honor opt-out requests promptly (within 10 business days)

11.3 Unsubscribe

Every marketing email includes an “unsubscribe” link at the bottom. Click this link to stop receiving marketing communications from us. You may also email hello@spiritedhealth.org with “Unsubscribe” in the subject line.

Note: Even after unsubscribing from marketing emails, you may still receive transactional emails related to your account, orders, or services (e.g., order confirmations, password resets, important account updates).

12. Third-Party Websites and Services

Our Website may contain links to third-party websites, services, or applications that are not owned or controlled by Spirited Health Institute, including:

  • Social media platforms
  • Payment processors
  • Content providers
  • Partner websites
  • Affiliate links

Important: We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We are not responsible or liable for any damage or loss caused by or in connection with your use of third-party websites.

We encourage you to review the privacy policies and terms of service of any third-party websites or services you visit. This Privacy Policy applies only to information collected by our Website.

13. Social Media Features

Our Website may include social media features and widgets (such as Facebook Like button, Twitter Share button, LinkedIn Share button). These features may collect your IP address, track which pages you visit on our site, and set cookies to enable the feature to function properly.

Social media features and widgets are either hosted by a third party or hosted directly on our Website. Your interactions with these features are governed by the privacy policy of the company providing them.

14. Automated Decision-Making and Profiling

EU/EEA Users: We do not use your personal data for automated decision-making that produces legal or similarly significant effects concerning you. If this changes in the future, we will update this Privacy Policy and obtain your consent where required by law.

We may use automated tools for marketing personalization and analytics, but these do not result in decisions that have legal or similarly significant effects.

15. Changes to This Privacy Policy

15.1 Updates and Revisions

We reserve the right to update or modify this Privacy Policy at any time. It is our policy to post any changes on this page with an updated “Last Updated” date at the top.

15.2 Material Changes

If we make material changes to how we treat your personal information, we will notify you by:

  • Email to the address specified in your account (if applicable)
  • Prominent notice on our Website homepage
  • Other appropriate means based on the nature of the change

EU/EEA Users: For material changes that require consent, we will obtain your renewed consent before the changes take effect.

15.3 Your Responsibility

You are responsible for:

  • Providing us with an up-to-date, active, and deliverable email address
  • Periodically reviewing this Privacy Policy for changes
  • Updating your account information as needed

Continued Use: Your continued use of the Website after changes to this Privacy Policy constitutes your acceptance of the updated policy.

16. Data Processing Records (GDPR Article 30)

As required under GDPR, we maintain records of our data processing activities. EU/EEA users may request information about:

  • Categories of personal data processed
  • Purposes of processing
  • Categories of recipients
  • International data transfers and safeguards
  • Retention periods
  • Security measures

Contact our Data Protection Officer to request this information.

17. Consent and Contracting Requirements

We require only the information that is reasonably necessary to:

  • Enter into a contract with you
  • Provide the services you request
  • Comply with legal obligations

We will not require you to provide consent for any unnecessary processing as a condition of entering into a contract with us, in compliance with GDPR Article 7(4).

18. Supervisory Authority Information

For EU/EEA Users:

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with your local data protection supervisory authority.

List of EU Data Protection Authorities:
European Data Protection Board: https://edpb.europa.eu/about-edpb/board/members_en

Example Supervisory Authorities:

  • France: Commission Nationale de l’Informatique et des Libertés (CNIL)
  • Germany: Federal Commissioner for Data Protection and Freedom of Information (BfDI)
  • Ireland: Data Protection Commission (DPC)
  • United Kingdom: Information Commissioner’s Office (ICO)
  • [Contact your local authority based on your country of residence]

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Spirited Health Institute
9847 Oakhill Dr SW
Calgary, AB, T2V 3X1
Canada

Email: hello@spiritedhealth.org

For Data Protection Inquiries:
Please use the subject line “ATTN: Data Protection Officer” or “GDPR Request”

For California Privacy Rights:
Please use the subject line “CCPA Request”

Response Time: We aim to respond to all inquiries within 30 days.